- Apply upstream patch for CVE-2010-0541 (bug 587731)

2010-08-23 02:44:49 +09:00 · 2010-08-23 02:44:49 +09:00 · 12823d98ef
commit 12823d98ef
parent 079e2cb5b3
2 changed files with 29 additions and 1 deletions
--- a/ruby-1.8.6.x-CVE-2010-0541.patch
+++ b/ruby-1.8.6.x-CVE-2010-0541.patch
@ -0,0 +1,22 @@
+commit 11183a22ef3998b9e822bb9322e49b8d6838aa81
+Author: wyhaines <wyhaines@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
+Date:   Tue Aug 17 18:36:29 2010 +0000
+
+    lib/webrick/httpresponse.rb: CVE-2010-0541; Fix a potential XSS vulnerabilty. See the CVE report for more information.
+    
+    
+    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@29026 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+
+diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb
+index 62156b1..48fe4b0 100644
+--- a/lib/webrick/httpresponse.rb
+++ b/lib/webrick/httpresponse.rb
+@@ -209,7 +209,7 @@ module WEBrick
+         @keep_alive = false
+         self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
+       end
+-      @header['content-type'] = "text/html"
+      @header['content-type'] = "text/html; charset=ISO-8859-1"
+ 
+       if respond_to?(:create_error_page)
+         create_error_page()
--- a/ruby.spec
+++ b/ruby.spec
@ -18,7 +18,7 @@

 Name:		ruby
 Version:	%{rubyver}%{?dotpatchlevel}
-Release:	5%{?dist}
+Release:	6%{?dist}
 License:	Ruby or GPLv2
 URL:		http://www.ruby-lang.org/
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -95,6 +95,8 @@ Patch37:        ruby-1.8.x-ext_tk-flatten-level-revert.patch
 Patch38:        ruby-1.8.x-null-class-must-be-Qnil.patch
 # Once revert this patch to apply Patch34 cleanly
 Patch39:        ruby-1.8.6-openssl-digest-once-revert-for-simplify-patch.patch
+# From upstream ruby_1_8_6 branch: Patch for CVE-2010-0541
+Patch40:        ruby-1.8.6.x-CVE-2010-0541.patch

 Summary:	An interpreter of object-oriented scripting language
 Group:		Development/Languages
@ -250,6 +252,7 @@ pushd %{name}-%{arcver}
 %patch36 -p1
 %patch37 -p1
 %patch38 -p1
+%patch40 -p1
 popd

 %build
@ -640,6 +643,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_emacs_sitestartdir}/ruby-mode-init.el

 %changelog
+* Mon Aug 23 2010 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1.8.6.399-6
+- Apply upstream patch for CVE-2010-0541 (bug 587731)
+
 * Wed May 19 2010 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1.8.6.399-5
 - Retry for bug 559158, Simplify the OpenSSL::Digest class
  pull more change commits from ruby_1_8 branch